What is Phishing?
Phishing is a form of social engineering. Phishing scams appear to originate from a trusted source to trick a user into entering valid credentials or attempt to lure you into revealing your username, password and other personal identifying information (PII)
The attacker can then use this information to access your accounts, gather additional private information about you, and make purchases or apply for credit in your name.
Spear-phishing attempts target and email specific people and organizations. The hackers and spammers attempt to learn information about you so that when they send you an email, it seems as if it comes from somebody you know, whether it be a friend or familiar business. Spear phishing isn't as common as general phishing attempts because they are much more time consuming to make, but spear phishing attempts are often much harder to detect because it is often addressed directly to you, seems to come from a trusted person, and can often bypass traditional security defenses.
Spammers who send spear phishing emails often use social media sites to learn as much about you as they can. If your information is made public, spammers can look through your recent posts and friends list. Make sure you keep your information private and don't accept friend requests from people that you don't know. If you receive a suspicious email from a friend requesting personal information, you can always contact the person to make sure the email is legitimate.
Other Types of Phishing
When people refer to phishing, they are most commonly referring to phishing attempts that come over email, however there are a few other types of phishing:
- Smishing - Phishing attempts that come over SMS (text) messaging. Cell phone users receive a text that usually contains a link or phone number which will then attempt to get personal information from you. Criminals may even send these pretending to be a bank or cell phone carrier.
- Vishing - Phishing attempts that come over phone calls. A few years ago scammers posed as Microsoft support technicians and called consumers, informing them that they needed access to their computer to help remove a "virus" (While in actuality, it is more likely that they were installing some sort of malware). Scammers may also use caller ID spoofing technology to display a false name or number on your phone.
Have I Been the Victim of a Phishing Scam?
Often times victims of phishing scams receive several undeliverable messages, or there will be unfamiliar emails in your sent box. Other times, your signature will be changed or forwards will be set up. Learn how to check for changed signatures and forwards.
If you believe that you have been the victim of a phishing scam, change your password immediately and report it to firstname.lastname@example.org or submit a support ticket. If you are using Gmail, you can also end all other active sessions. This should stop any unauthorized access to your account.